CVE Catalog

CVE-2025-57631

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.76%

51th percentile - higher than 51% of all known CVEs

Summary

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify data, and in extreme cases take over the server.

Recommendation

Immediately update TDuckCloud to the latest version and apply parameterized SQL queries in the file upload module.

Original NVD description (English source)

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module

Vulnerability data from NVD (NIST) · CISA KEV · EPSS